Backing up DC for a catastrophic case












3















I've been setting up off-site backups for the most critical elements of the company I work at. One of these critical elements is the DC.



Now, the company is fairly small, so has only a single forest, and two DC servers on separate physical machines (one's virtualized, however). That said, a critical fault in the server room could destroy both of these machines.



So, I'm trying to create a DC backup for a critical-case scenario. I keep reading online that backing up the System State is enough, but I have a feeling this is only valid if you want to be able to restore the DC on the same server where the backup was taken. I've tried taking a System State backup and then restoring it on an isolated VM (same server, same updates), and this... didn't go so well; the restore went fine, but then I couldn't contact the local DC, even if I ensured the VM had the same IP as before (still isolated, of course). None of the DC-related administrative consoles worked either. There was even a warning during restoration that restoring a System State from another machine is not suggested.



Thus, I feel this is the wrong approach. So... what IS the right approach, if I want to backup our DC off-site, to cover a critical failure? A complete backup of the C: drive + System State or I could just backup the whole drive for that virtualized DC, but I'm trying to make the backup as small as possible...



PS. I'm using the Azure Backup application, but I don't think it's that relevant. All of our DCs are currently running Windows Server 2016.










share|improve this question




















  • 3





    +1 for actually testing critical recovery ;). I have not been using Azure Backup yet, but System State should be enough (no matter which backup solution you use). You did read the Technet article, I assume? Esp. the part for a different server.

    – Lenniey
    3 hours ago













  • @Lenniey Yes, I read that article. But, upon reflection, I may have missed a critical part of it (specifically the bit to follow more steps post AD recovery described here. I'm testing this now.

    – Shaamaan
    3 hours ago
















3















I've been setting up off-site backups for the most critical elements of the company I work at. One of these critical elements is the DC.



Now, the company is fairly small, so has only a single forest, and two DC servers on separate physical machines (one's virtualized, however). That said, a critical fault in the server room could destroy both of these machines.



So, I'm trying to create a DC backup for a critical-case scenario. I keep reading online that backing up the System State is enough, but I have a feeling this is only valid if you want to be able to restore the DC on the same server where the backup was taken. I've tried taking a System State backup and then restoring it on an isolated VM (same server, same updates), and this... didn't go so well; the restore went fine, but then I couldn't contact the local DC, even if I ensured the VM had the same IP as before (still isolated, of course). None of the DC-related administrative consoles worked either. There was even a warning during restoration that restoring a System State from another machine is not suggested.



Thus, I feel this is the wrong approach. So... what IS the right approach, if I want to backup our DC off-site, to cover a critical failure? A complete backup of the C: drive + System State or I could just backup the whole drive for that virtualized DC, but I'm trying to make the backup as small as possible...



PS. I'm using the Azure Backup application, but I don't think it's that relevant. All of our DCs are currently running Windows Server 2016.










share|improve this question




















  • 3





    +1 for actually testing critical recovery ;). I have not been using Azure Backup yet, but System State should be enough (no matter which backup solution you use). You did read the Technet article, I assume? Esp. the part for a different server.

    – Lenniey
    3 hours ago













  • @Lenniey Yes, I read that article. But, upon reflection, I may have missed a critical part of it (specifically the bit to follow more steps post AD recovery described here. I'm testing this now.

    – Shaamaan
    3 hours ago














3












3








3








I've been setting up off-site backups for the most critical elements of the company I work at. One of these critical elements is the DC.



Now, the company is fairly small, so has only a single forest, and two DC servers on separate physical machines (one's virtualized, however). That said, a critical fault in the server room could destroy both of these machines.



So, I'm trying to create a DC backup for a critical-case scenario. I keep reading online that backing up the System State is enough, but I have a feeling this is only valid if you want to be able to restore the DC on the same server where the backup was taken. I've tried taking a System State backup and then restoring it on an isolated VM (same server, same updates), and this... didn't go so well; the restore went fine, but then I couldn't contact the local DC, even if I ensured the VM had the same IP as before (still isolated, of course). None of the DC-related administrative consoles worked either. There was even a warning during restoration that restoring a System State from another machine is not suggested.



Thus, I feel this is the wrong approach. So... what IS the right approach, if I want to backup our DC off-site, to cover a critical failure? A complete backup of the C: drive + System State or I could just backup the whole drive for that virtualized DC, but I'm trying to make the backup as small as possible...



PS. I'm using the Azure Backup application, but I don't think it's that relevant. All of our DCs are currently running Windows Server 2016.










share|improve this question
















I've been setting up off-site backups for the most critical elements of the company I work at. One of these critical elements is the DC.



Now, the company is fairly small, so has only a single forest, and two DC servers on separate physical machines (one's virtualized, however). That said, a critical fault in the server room could destroy both of these machines.



So, I'm trying to create a DC backup for a critical-case scenario. I keep reading online that backing up the System State is enough, but I have a feeling this is only valid if you want to be able to restore the DC on the same server where the backup was taken. I've tried taking a System State backup and then restoring it on an isolated VM (same server, same updates), and this... didn't go so well; the restore went fine, but then I couldn't contact the local DC, even if I ensured the VM had the same IP as before (still isolated, of course). None of the DC-related administrative consoles worked either. There was even a warning during restoration that restoring a System State from another machine is not suggested.



Thus, I feel this is the wrong approach. So... what IS the right approach, if I want to backup our DC off-site, to cover a critical failure? A complete backup of the C: drive + System State or I could just backup the whole drive for that virtualized DC, but I'm trying to make the backup as small as possible...



PS. I'm using the Azure Backup application, but I don't think it's that relevant. All of our DCs are currently running Windows Server 2016.







backup domain-controller






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited 1 hour ago







Shaamaan

















asked 4 hours ago









ShaamaanShaamaan

1681112




1681112








  • 3





    +1 for actually testing critical recovery ;). I have not been using Azure Backup yet, but System State should be enough (no matter which backup solution you use). You did read the Technet article, I assume? Esp. the part for a different server.

    – Lenniey
    3 hours ago













  • @Lenniey Yes, I read that article. But, upon reflection, I may have missed a critical part of it (specifically the bit to follow more steps post AD recovery described here. I'm testing this now.

    – Shaamaan
    3 hours ago














  • 3





    +1 for actually testing critical recovery ;). I have not been using Azure Backup yet, but System State should be enough (no matter which backup solution you use). You did read the Technet article, I assume? Esp. the part for a different server.

    – Lenniey
    3 hours ago













  • @Lenniey Yes, I read that article. But, upon reflection, I may have missed a critical part of it (specifically the bit to follow more steps post AD recovery described here. I'm testing this now.

    – Shaamaan
    3 hours ago








3




3





+1 for actually testing critical recovery ;). I have not been using Azure Backup yet, but System State should be enough (no matter which backup solution you use). You did read the Technet article, I assume? Esp. the part for a different server.

– Lenniey
3 hours ago







+1 for actually testing critical recovery ;). I have not been using Azure Backup yet, but System State should be enough (no matter which backup solution you use). You did read the Technet article, I assume? Esp. the part for a different server.

– Lenniey
3 hours ago















@Lenniey Yes, I read that article. But, upon reflection, I may have missed a critical part of it (specifically the bit to follow more steps post AD recovery described here. I'm testing this now.

– Shaamaan
3 hours ago





@Lenniey Yes, I read that article. But, upon reflection, I may have missed a critical part of it (specifically the bit to follow more steps post AD recovery described here. I'm testing this now.

– Shaamaan
3 hours ago










2 Answers
2






active

oldest

votes


















4















I'm trying to make the backup as small as possible...




This is a common approach and it's the wrong approach.



You're protecting one of the company's most important information technology assets. Treat it as such. Nothing less than a full backup of the DC is acceptable. You can use the built in Windows Server Backup to make a full, bare metal recovery capable backup of the DC.



DC's are typically small. You could probably fit the entirety of a full backup of the DC on a $20.00 USB drive. Don't skimp.



I get it, backup software and storage can be costly, especially over time. I hear no end of IT admins talking about ways to reduce those costs. Don't trade your ability to recover anything and/or everything simply to reduce costs. You need to determine how much protection (in the form of backups) you need to have and how to balance that with what you have available in your IT budget. Backups are like insurance, how much insurance do you want to have and how much are you willing to pay for it? I don't want to be the person who has to explain to the CEO that we can't recover a critical piece of IT infrastructure because we were trying to save a few dollars. My approach to backups is that it's better to have it and not need it then to need it and not have it.



From an operational and technical perspective, I'd much rather restore a full BMR backup of a DC then to try and restore the System State of the DC to a new machine.






share|improve this answer

































    2














    A system state restore could work, but the only method supported by Microsoft is a full system image recovery. This includes system state.



    A complete forest recovery is complex, so you need to review the following document and create your own document with the required steps:



    https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/ad-forest-recovery-guide






    share|improve this answer























      Your Answer








      StackExchange.ready(function() {
      var channelOptions = {
      tags: "".split(" "),
      id: "2"
      };
      initTagRenderer("".split(" "), "".split(" "), channelOptions);

      StackExchange.using("externalEditor", function() {
      // Have to fire editor after snippets, if snippets enabled
      if (StackExchange.settings.snippets.snippetsEnabled) {
      StackExchange.using("snippets", function() {
      createEditor();
      });
      }
      else {
      createEditor();
      }
      });

      function createEditor() {
      StackExchange.prepareEditor({
      heartbeatType: 'answer',
      autoActivateHeartbeat: false,
      convertImagesToLinks: true,
      noModals: true,
      showLowRepImageUploadWarning: true,
      reputationToPostImages: 10,
      bindNavPrevention: true,
      postfix: "",
      imageUploader: {
      brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
      contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
      allowUrls: true
      },
      onDemand: true,
      discardSelector: ".discard-answer"
      ,immediatelyShowMarkdownHelp:true
      });


      }
      });














      draft saved

      draft discarded


















      StackExchange.ready(
      function () {
      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f949678%2fbacking-up-dc-for-a-catastrophic-case%23new-answer', 'question_page');
      }
      );

      Post as a guest















      Required, but never shown

























      2 Answers
      2






      active

      oldest

      votes








      2 Answers
      2






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes









      4















      I'm trying to make the backup as small as possible...




      This is a common approach and it's the wrong approach.



      You're protecting one of the company's most important information technology assets. Treat it as such. Nothing less than a full backup of the DC is acceptable. You can use the built in Windows Server Backup to make a full, bare metal recovery capable backup of the DC.



      DC's are typically small. You could probably fit the entirety of a full backup of the DC on a $20.00 USB drive. Don't skimp.



      I get it, backup software and storage can be costly, especially over time. I hear no end of IT admins talking about ways to reduce those costs. Don't trade your ability to recover anything and/or everything simply to reduce costs. You need to determine how much protection (in the form of backups) you need to have and how to balance that with what you have available in your IT budget. Backups are like insurance, how much insurance do you want to have and how much are you willing to pay for it? I don't want to be the person who has to explain to the CEO that we can't recover a critical piece of IT infrastructure because we were trying to save a few dollars. My approach to backups is that it's better to have it and not need it then to need it and not have it.



      From an operational and technical perspective, I'd much rather restore a full BMR backup of a DC then to try and restore the System State of the DC to a new machine.






      share|improve this answer






























        4















        I'm trying to make the backup as small as possible...




        This is a common approach and it's the wrong approach.



        You're protecting one of the company's most important information technology assets. Treat it as such. Nothing less than a full backup of the DC is acceptable. You can use the built in Windows Server Backup to make a full, bare metal recovery capable backup of the DC.



        DC's are typically small. You could probably fit the entirety of a full backup of the DC on a $20.00 USB drive. Don't skimp.



        I get it, backup software and storage can be costly, especially over time. I hear no end of IT admins talking about ways to reduce those costs. Don't trade your ability to recover anything and/or everything simply to reduce costs. You need to determine how much protection (in the form of backups) you need to have and how to balance that with what you have available in your IT budget. Backups are like insurance, how much insurance do you want to have and how much are you willing to pay for it? I don't want to be the person who has to explain to the CEO that we can't recover a critical piece of IT infrastructure because we were trying to save a few dollars. My approach to backups is that it's better to have it and not need it then to need it and not have it.



        From an operational and technical perspective, I'd much rather restore a full BMR backup of a DC then to try and restore the System State of the DC to a new machine.






        share|improve this answer




























          4












          4








          4








          I'm trying to make the backup as small as possible...




          This is a common approach and it's the wrong approach.



          You're protecting one of the company's most important information technology assets. Treat it as such. Nothing less than a full backup of the DC is acceptable. You can use the built in Windows Server Backup to make a full, bare metal recovery capable backup of the DC.



          DC's are typically small. You could probably fit the entirety of a full backup of the DC on a $20.00 USB drive. Don't skimp.



          I get it, backup software and storage can be costly, especially over time. I hear no end of IT admins talking about ways to reduce those costs. Don't trade your ability to recover anything and/or everything simply to reduce costs. You need to determine how much protection (in the form of backups) you need to have and how to balance that with what you have available in your IT budget. Backups are like insurance, how much insurance do you want to have and how much are you willing to pay for it? I don't want to be the person who has to explain to the CEO that we can't recover a critical piece of IT infrastructure because we were trying to save a few dollars. My approach to backups is that it's better to have it and not need it then to need it and not have it.



          From an operational and technical perspective, I'd much rather restore a full BMR backup of a DC then to try and restore the System State of the DC to a new machine.






          share|improve this answer
















          I'm trying to make the backup as small as possible...




          This is a common approach and it's the wrong approach.



          You're protecting one of the company's most important information technology assets. Treat it as such. Nothing less than a full backup of the DC is acceptable. You can use the built in Windows Server Backup to make a full, bare metal recovery capable backup of the DC.



          DC's are typically small. You could probably fit the entirety of a full backup of the DC on a $20.00 USB drive. Don't skimp.



          I get it, backup software and storage can be costly, especially over time. I hear no end of IT admins talking about ways to reduce those costs. Don't trade your ability to recover anything and/or everything simply to reduce costs. You need to determine how much protection (in the form of backups) you need to have and how to balance that with what you have available in your IT budget. Backups are like insurance, how much insurance do you want to have and how much are you willing to pay for it? I don't want to be the person who has to explain to the CEO that we can't recover a critical piece of IT infrastructure because we were trying to save a few dollars. My approach to backups is that it's better to have it and not need it then to need it and not have it.



          From an operational and technical perspective, I'd much rather restore a full BMR backup of a DC then to try and restore the System State of the DC to a new machine.







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited 36 mins ago

























          answered 48 mins ago









          joeqwertyjoeqwerty

          95.5k463149




          95.5k463149

























              2














              A system state restore could work, but the only method supported by Microsoft is a full system image recovery. This includes system state.



              A complete forest recovery is complex, so you need to review the following document and create your own document with the required steps:



              https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/ad-forest-recovery-guide






              share|improve this answer




























                2














                A system state restore could work, but the only method supported by Microsoft is a full system image recovery. This includes system state.



                A complete forest recovery is complex, so you need to review the following document and create your own document with the required steps:



                https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/ad-forest-recovery-guide






                share|improve this answer


























                  2












                  2








                  2







                  A system state restore could work, but the only method supported by Microsoft is a full system image recovery. This includes system state.



                  A complete forest recovery is complex, so you need to review the following document and create your own document with the required steps:



                  https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/ad-forest-recovery-guide






                  share|improve this answer













                  A system state restore could work, but the only method supported by Microsoft is a full system image recovery. This includes system state.



                  A complete forest recovery is complex, so you need to review the following document and create your own document with the required steps:



                  https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/ad-forest-recovery-guide







                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered 58 mins ago









                  Greg AskewGreg Askew

                  28.4k33668




                  28.4k33668






























                      draft saved

                      draft discarded




















































                      Thanks for contributing an answer to Server Fault!


                      • Please be sure to answer the question. Provide details and share your research!

                      But avoid



                      • Asking for help, clarification, or responding to other answers.

                      • Making statements based on opinion; back them up with references or personal experience.


                      To learn more, see our tips on writing great answers.




                      draft saved


                      draft discarded














                      StackExchange.ready(
                      function () {
                      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f949678%2fbacking-up-dc-for-a-catastrophic-case%23new-answer', 'question_page');
                      }
                      );

                      Post as a guest















                      Required, but never shown





















































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown

































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown







                      Popular posts from this blog

                      Magento 2 controller redirect on button click in phtml file

                      Polycentropodidae